# coinbasewallet.support — MALICIOUS

> coinbasewallet.support was flagged for social engineering risks posing as Coinbase. Stay vigilant and avoid interacting with this fraudulent site.

## Summary
PhishDestroy identifies coinbasewallet.support as a high-risk brand impersonation domain targeting Coinbase users. The site mimicked official Coinbase wallet support pages to deceive visitors, potentially leading to credential theft or financial fraud. With a page titled "Crypto Wallet FAQ - Help Center," it aimed to exploit user trust in the Coinbase brand.

The domain resolved to IP 194.164.74.34 and was registered via HOSTINGER-HOSTING (ASN: 47583). It appeared on three distinct security blocklists and was flagged by Google Safe Browsing for social engineering. Additionally, 14 out of 95 VirusTotal security vendors identified malicious activity associated with the domain. Thanks to coordinated efforts, coinbasewallet.support has been taken offline to prevent further harm.

Users are strongly advised to avoid interacting with coinbasewallet.support or any similarly named sites. Always verify URLs carefully and access cryptocurrency services through official channels only. If users suspect they have provided sensitive information to this domain, they should immediately change passwords, enable two-factor authentication, and monitor accounts for suspicious activity.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Coinbase
- Page title: Crypto Wallet FAQ - Help Center

## Domain Intelligence
- Registrar: HOSTINGER operations, UAB
- Country: LT
- IP: 2a02:4780:27:1401:0:3412:ada0:6
- IP Country: FR
- IP City: Paris
- IP Org: AS47583 Hostinger International Limited
- Nameservers: ns1.dns-parking.com ns2.dns-parking.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ChainPatrol", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a4eb9-e10c-70cf-b527-33f44d79d20b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/fc7a88e6-4941-4b95-8687-bcb72630a34e
- PhishDestroy: https://phishdestroy.io/domain/coinbasewallet.support/
- LLM endpoint: https://phishdestroy.io/domain/coinbasewallet.support/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/coinbasewallet.support/
Last updated: 2026-03-19